
A customer planning on hosting an AWS RDS instance needs to ensure that the underlying data
is encrypted. How can this be achieved? Choose 2 answers from the options given below.

A. Ensure that the right instance class is chosen for the underlying instance.
B. Choose only General Purpose SSD since only this volume type supports encryption of data.
C. Encrypt the database during creation.
D. Enable encryption of the underlying EBS Volume

AC

You are developing a new mobile application which is expected to be used by thousands of
customers. You are considering storing user preferences in AWS, and need a data store to save
the same. Each data item is expected to be 20KB in size. The solution needs to be cost-effective,
highly available, scalable and secure. How would you design the data layer?

A. Create a new AWS MySQL RDS instance and store the user data there.
B. Create a DynamoDB table with the required Read and Write capacity and use it as the data
layer.
C. Use Amazon Glacier to store the user data.
D. Use an Amazon Redshift Cluster for managing the user preferences.

Your Operations department is using an incident based application hosted on a set of EC2
Instances. These instances are placed behind an Auto Scaling Group to ensure the right number
of instances are in place to support the application. The Operations department has expressed
dissatisfaction with regard to poor application performance at 9:00 AM each day. However, it is
also noted that the system performance returns to optimal at 9:45 AM.
What can be done to ensure that this issue gets fixed?

A. Create another Dynamic Scaling Policy to ensure that the scaling happens at 9:00 AM.
B. Add another Auto Scaling group to support the current one.
C. Change the Cool Down Timers for the existing Auto Scaling Group.
D. Add a Scheduled Scaling Policy at 8:30 AM

A database hosted in AWS is currently encountering an extended number of write operations and
is not able to handle the load. What can be done to the architecture to ensure that the write
operations are not lost under any circumstance?
A. Add more IOPS to the existing EBS Volume used by the database.
B. Consider using DynamoDB instead of AWS RDS.
C. Use SQS Queues to queue the database writes.
D. Use SNS to send notification on missed database writes and then add them manually at a later

You have created an AWS Lambda function that will write data to a DynamoDB table. Which of
the following must be in place to ensure that the Lambda function can interact with the
DynamoDB table?

A. Ensure an IAM Role is attached to the Lambda function which has the required DynamoDB
privileges.
B. Ensure an IAM User is attached to the Lambda function which has the required DynamoDB
privileges.
C. Ensure the Access keys are embedded in the AWS Lambda function.
D. Ensure the IAM user password is embedded in the AWS Lambda function.

Your company currently has data hosted in an Amazon Aurora MySQL DB. Since this data is
critical, there is a need to ensure that it can be made available in another region in case of a
disaster. How can this be achieved?

A. Make a copy of the underlying EBS Volumes in the Amazon Cluster in another region.
B. Enable Multi-AZ for the Aurora database.
C. Creating a read replica of Amazon Aurora in another region.
D. Create an EBS Snapshot of the underlying EBS volumes in the Amazon Cluster and then
copy them to another region.

Your company has a requirement to host a static web site in AWS. Which of the following steps
would help implement a quick and cost-effective solution for this requirement? Choose 2
answers from the options given below. Each answer forms a part of the solution.

A. Upload the static content to an S3 bucket.
B. Create an EC2 Instance and install a web server.
C. Enable web site hosting for the S3 bucket.
D. Upload the code to the web server on the EC2 Instance.
AC

A company currently storing a set of documents in the AWS Simple Storage Service, is worried
about the potential loss if these documents are ever deleted. Which of the following can be used
to ensure protection from loss of the underlying documents in S3?

A. Enable Versioning for the underlying S3 bucket.
B. Copy the bucket data to an EBS Volume as a backup.
C. Create a Snapshot of the S3 bucket.
D. Enable an IAM Policy which does not allow deletion of any document from the S3 bucket.

An application with a 150 GB relational database runs on an EC2 Instance. This application will
be used frequently with a high number of database read and write requests. What is the most
cost-effective storage type for this application?

A. Amazon EBS Provisioned IOPS SSD
B. Amazon EBS Throughput Optimized HDD
C. Amazon EBS General Purpose SSD
D. Amazon EFS

A company has a set of EC2 Linux based instances hosted in AWS. There is a need to have a
standard file interface for files to be used across all Linux based instances. Which of the
following can be used for this purpose?

A. Consider using the Simple Storage Service.
B. Consider using Amazon Glacier.
C. Consider using AWS RDS.
D. Consider using AWS EFS.

Your company is planning on using Route 53 as the DNS provider. There is a need to ensure that
the company's domain name points to an existing CloudFront distribution. How can this be
achieved?
A. Create an Alias record which points to the CloudFront distribution.
B. Create a host record which points to the CloudFront distribution.
C. Create a CNAME record which points to the CloudFront distribution.
D. Create a Non-Alias Record which points to the CloudFront distribution.

A company needs to extend their storage infrastructure to the AWS Cloud. The storage needs to
be available as iSCSI devices for on-premises application servers. Which of the following would
be able to fulfill this requirement?

A. Create a Glacier vault. Use a Glacier Connector and mount it as an iSCSI device.
B. Create an S3 bucket. Use an S3 Connector and mount it as an iSCSI device.
C. Use the EFS file service and mount the different file systems to the on-premises servers.
D. Use the AWS Storage Gateway-cached volumes service.

Your infrastructure in AWS currently consists of a private and public subnet. The private subnet
consists of database servers and the public subnet has a NAT Instance which helps the instances
in the private subnet to communicate with the Internet. The NAT Instance is now becoming a
bottleneck. Which of the following changes to the current architecture can help prevent this issue
from occurring in the future?

A. Use a NAT Gateway instead of the NAT Instance.
B. Use another Internet Gateway for better bandwidth.
C. Use a VPC connection for better bandwidth.
D. Consider changing the instance type for the underlying NAT Instance

Your current setup in AWS consists of the following architecture: 2 public subnets, one subnet
which has web servers accessed by users across the Internet and another subnet for the database
server. Which of the following changes to the architecture adds a better security boundary to the
resources hosted in this setup?

A. Consider moving the web server to a private subnet.
B. Consider moving the database server to a private subnet.
C. Consider moving both the web and database servers to a private subnet.
D. Consider creating a private subnet and adding a NAT Instance to that subnet.

Your company has a set of applications that make use of Docker containers used by the
Development team. There is a need to move these containers to AWS. Which of the following
methods could be used to set up these Docker containers in a separate environment in AWS?

A. Create EC2 Instances, install Docker and then upload the containers.
B. Create EC2 Container registries, install Docker and then upload the containers.
C. Create an Elastic Beanstalk environment with the necessary Docker containers.
D. Create EBS Optimized EC2 Instances, install Docker and then upload the containers.

Instances in your private subnet hosted in AWS, need access to important documents in S3. Due
to the confidential nature of these documents, you have to ensure that this traffic does not
traverse through the internet. As an architect, how would you implement this solution?

A. Consider using a VPC Endpoint.
B. Consider using an EC2 Endpoint.
C. Move the instances to a public subnet.
D. Create a VPN connection and access the S3 resources from the EC2 Instance

You have a video transcoding application running on Amazon EC2. Each instance polls a queue
to find out which video should be transcoded, and then runs a transcoding process. If this process
is interrupted, the video gets transcoded by another instance based on the queuing system. You
have a large backlog of videos that need to be transcoded and you would like to reduce this
backlog by adding more instances. These instances will only be needed until the backlog is
reduced. What Amazon EC2 Instance type should you use to reduce the backlog in the most
cost-efficient way?

A. Reserved Instances
B. Spot Instances
C. Dedicated Instances
D. On-Demand Instances
B

A company has a workflow that sends video files from their on-premises system to AWS for
transcoding. They use EC2 worker instances to pull transcoding jobs from SQS. Why is SQS an
appropriate service for this scenario?

A. SQS guarantees the order of the messages.
B. SQS synchronously provides transcoding output.
C. SQS checks the health of the worker instances.
D. SQS helps to facilitate horizontal scaling of encoding tasks

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site.
At some point, you find out that other sites have been linking to the photos on your site, causing
loss to your business. What is an effective method to mitigate this?

A. Remove public read access and use signed URLs with expiry dates.
B. Use CloudFront distributions for static content.
C. Block the IPs of the offending websites in Security Groups.
D. Store photos on an EBS Volume of the web server

A company wants to create standard templates for deployment of their Infrastructure. These
would also be used to provision resources in another region during disaster recovery scenarios.
Which AWS service can be used in this regard?

A. Amazon Simple Workflow Service
B. AWS Elastic Beanstalk
C. AWS CloudFormation
D. AWS OpsWorks

A company currently hosts their architecture in the US region. They now need to duplicate this
architecture to the Europe region and extend the application hosted on this architecture to the
new region. In order to ensure that users across the globe get the same seamless experience from
either setups, what among the following needs to be done?

A. Create a Classic Elastic Load Balancer setup to route traffic to both locations.
B. Create a weighted Route 53 policy to route the policy based on the weightage for each
location.
C. Create an Application Elastic Load Balancer setup to route traffic to both locations.
D. Create a Geolocation Route 53 Policy to route the policy based on the location.

You have a set of EC2 Instances that support an application. They are currently hosted in the US
Region. In the event of a disaster, you need a way to ensure that you can quickly provision the
resources in another region. How could this be accomplished? Choose 2 answers from the
options given below.

A. Copy the underlying EBS Volumes to the destination region.
B. Create EBS Snapshots and then copy them to the destination region.
C. Create AMIs for the underlying instances.
D. Copy the metadata for the EC2 Instances to S3.

BC

A company wants to have a NoSQL database hosted on the AWS Cloud, but does not have the
necessary staff to manage the underlying infrastructure. Which of the following choices would
be ideal for this requirement?

A. AWS Aurora
B. AWS RDS
C. AWS DynamoDB
D. AWS Redshift

You are building an automated transcription service in which Amazon EC2 worker instances
process an uploaded audio file and generate a text file. You must store both of these files in the
same durable storage until the text file is retrieved. You do not know what the storage capacity
requirements are. Which storage option is both cost-efficient and scalable?

A. Multiple Amazon EBS Volume with snapshots
B. A single Amazon Glacier Vault
C. A single Amazon S3 bucket
D. Multiple instance stores

A customer has an instance hosted in the AWS Public Cloud. The VPC and subnet used to host
the instance have been created with the default settings for the Network Access Control Lists. An
IT Administrator needs to be provided secure access to the underlying instance. How can this be
accomplished?

A. Ensure the Network Access Control Lists allow Inbound SSH traffic from the IT
Administrator's Workstation.
B. Ensure the Network Access Control Lists allow Outbound SSH traffic from the IT
Administrator's Workstation.
C. Ensure that the security group allows Inbound SSH traffic from the IT Administrator's
Workstation.
D. Ensure that the security group allows Outbound SSH traffic from the IT Administrator's
Workstation.

A company has an on-premises infrastructure which they want to extend to the AWS Cloud.
There is a need to ensure that communication across both environments is possible over the
Internet. What would you create in this case to fulfill this requirement?

A. Create a VPC peering connection between the on-premises and the AWS Environment.
B. Create an AWS Direct connection between the on-premises and the AWS Environment.
C. Create a VPN connection between the on-premises and the AWS Environment.
D. Create a Virtual private gateway connection between the on-premises and the AWS

A company wants to build a brand new application on the AWS Cloud. They want to ensure that
this application follows the Microservices architecture. Which of the following services can be
used to build this sort of architecture? Choose 3 answers from the options given below.

A. AWS Lambda
B. AWS ECS
C. AWS API Gateway
D. AWS Config

ABC

You are deploying an application to track the GPS coordinates of delivery trucks in the United
States. Coordinates are transmitted from each delivery truck once every three seconds. You need
to design an architecture that will enable real-time processing of these coordinates from multiple
consumers. Which service should you use to implement data ingestion?

A. Amazon Kinesis
B. AWS Data Pipeline
C. Amazon AppStream
D. Amazon Simple Queue Service
...

A company is planning on hosting a set of EC2 Instances on the AWS Cloud. They also need to
ensure that data can be stored on the EC2 Instances. Which block level storage device could
make this possible?

A. Amazon S3
B. Amazon Glacier
C. Amazon Storage Gateway
D. Amazon EBS Volumes

A company is planning on using the AWS Redshift service. The Redshift service and data on it
would be used continuously for the next 3 years as per the current business plan. Which of the
following would be the most cost-effective solution in this scenario?

A. Consider using On-demand instances for the Redshift Cluster.
B. Enable Automated backup.
C. Consider using Reserved Instances for the Redshift Cluster.
D. Consider not using a cluster for the Redshift nodes.

C

A company is planning to run a number of Admin related scripts using the AWS Lambda
service. There is a need to detect errors that occur while the scripts run. How can this be
accomplished in the most effective manner?

A. Use CloudWatch metrics and logs to watch for errors.
B. Use CloudTrail to monitor for errors.
C. Use the AWS Config service to monitor for errors.
D. Use the AWS Inspector service to monitor for errors

A CloudFront distribution is being used to distribute content from an S3 bucket. It is required
that only a particular set of users get access to certain content. How can this be accomplished?

A. Create IAM Users for each user and then provide access to the S3 bucket content.
B. Create IAM Groups for each set of users and then provide access to the S3 bucket content.
C. Create CloudFront signed URLs and then distribute these URLs to the users.
D. Use IAM Policies for the underlying S3 buckets to restrict content.

You plan on creating a VPC from scratch and launching EC2 Instances in the subnet. What
should be done to ensure that the EC2 Instances are accessible from the Internet?

A. Attach an Internet Gateway to the VPC and add a route for 0.0.0.0/0 to the Route table.
B. Attach an NAT Gateway to the VPC and add a route for 0.0.0.0/0 to the Route table.
C. Attach an NAT Gateway to the VPC and add a route for 0.0.0.0/32 to the Route table.
D. Attach an Internet Gateway to the VPC and add a route for 0.0.0.0/32 to the Route table.

Your company currently has an entire data warehouse of assets that needs to be migrated to the
AWS Cloud. Which of the following services should this be migrated to?

A. AWS DynamoDB
B. AWS S3
C. AWS RDS
D. AWS Redshift
D

Your company has confidential documents stored in the Simple Storage Service. Due to
compliance requirements, there is a need for the data in the S3 bucket to be available in a
different geographical location. As an architect, what change would you make to comply with
this requirement?

A. Apply Multi-AZ for the underlying S3 bucket.
B. Copy the data to an EBS Volume in another region.
C. Create a snapshot of the S3 bucket and copy it to another region.
D. Enable Cross-Region Replication for the S3 bucket.

A company's requirement is to have a Stack-based model for its resources in AWS. There is a
need to have different stacks for the Development and Production environments. Which of the
following can be used to fulfill this required methodology?

A. Use EC2 tags to define different stack layers for your resources.
B. Define the metadata for the different layers in DynamoDB.
C. Use AWS OpsWorks to define the different layers for your application.
D. Use AWS Config to define the different layers for your application

You are designing a web application that stores static assets in an Amazon Simple Storage
Service (S3) bucket. You expect this bucket to receive over 150 PUT requests per second. What
should you do to ensure optimal performance?

A. Use Multipart upload.
B. Add a random prefix to the key names.
C. Amazon S3 will automatically manage performance at this scale.
D. Use a predictable naming scheme, such as sequential numbers or date time sequences in the
key names.

B

An infrastructure is being hosted in AWS using the following resources:
a) A couple of EC2 Instances serving a Web-Based application
b) An Elastic Balancer in front of the EC2 Instances
c) An AWS RDS which has Multi-AZ enabled

Which of the following can be added to the setup to ensure scalability?

A. Add another ELB to the setup.
B. Add more EC2 Instances to the setup.
C. Enable Read Replicas for the AWS RDS.
D. Add an Auto Scaling Group to the setup.

A company wants to store their documents in AWS. Initially, these documents will be used
frequently, and after a duration of 6 months, they will need to be archived. How would you
architect this requirement?

A. Store the files in Amazon EBS and create a Lifecycle Policy to remove the files after 6
months.
B. Store the files in Amazon S3 and create a Lifecycle Policy to archive the files after 6 months.
C. Store the files in Amazon Glacier and create a Lifecycle Policy to remove the files after 6
months.
D. Store the files in Amazon EFS and create a Lifecycle Policy to remove the files after 6
months.

When managing permissions for the API Gateway, what can be used to ensure that the right level
of permissions are given to Developers, IT Admins and users? These permissions should be
easily managed.

A. Use the secure token service to manage the permissions for different users.
B. Use IAM Policies to create different policies for different types of users.
C. Use the AWS Config tool to manage the permissions for different users.
D. Use IAM Access Keys to create sets of keys for different types of users

B

Your Development team wants to start making use of EC2 Instances to host their Application
and Web servers. In the space of automation, they want the Instances to always download the
latest version of the Web and Application servers when they are launched. As an architect, what
would you recommend for this scenario?

A. Ask the Development team to create scripts which can be added to the User Data section
when the instance is launched.
B. Ask the Development team to create scripts which can be added to the Meta Data section
when the instance is launched.
C. Use Auto Scaling Groups to install the Web and Application servers when the instances are
launched.
D. Use EC2 Config to install the Web and Application servers when the instances are launched.

Your company has an application that takes care of uploading, processing and publishing videos
posted by users. The current architecture for this application includes the following:
a) A set of EC2 Instances to transfer user uploaded videos to S3 buckets
b) A set of EC2 worker processes to process and publish the videos
c) An Auto Scaling Group for the EC2 worker processes
Which of the following can be added to the architecture to make it more reliable?

A. Amazon SQS
B. Amazon SNS
C. Amazon CloudFront
D. Amazon SES

There is an urgent requirement to monitor some database metrics for a database hosted on
AWS and send notifications. Which AWS services can accomplish this? Choose 2 answers from the
options given below.

A. Amazon Simple Email Service
B. Amazon CloudWatch
C. Amazon Simple Queue Service
D. Amazon Route 53
E. Amazon Simple Notification Service

BE

You have a business-critical two-tier web application currently deployed in 2 Availability Zones
in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on
synchronous replication at the database layer. The application needs to remain fully available
even if one application AZ goes offline and if Auto Scaling cannot launch new instances in the
remaining AZ.
How can the current architecture be enhanced to ensure this?

A. Deploy in 2 regions using Weighted Round Robin with Auto Scaling minimums set at 50%
peak load per region.
B. Deploy in 3 AZ with Auto Scaling minimum set to handle 33 per cent peak load per zone.
C. Deploy in 3 AZ with Auto Scaling minimum set to handle 50 per cent peak load per zone.
D. Deploy in 2 regions using Weighted Round Robin with Auto Scaling minimums set at 100%
peak load per region.

You have been tasked with creating a VPC network topology for your company. The VPC
network must support both internet-facing applications and internal-facing applications accessed only
over VPN. Both Internet-facing and internal-facing applications must be able to leverage at least
3 AZs for high availability. At a minimum, how many subnets must you create within your VPC
to accommodate these requirements?

A. 2
B. 3
C. 4
D. 6

You have the following architecture deployed in AWS:
a) A set of EC2 Instances which sit behind an ELB
b) A database hosted in AWS RDS

Of late, the performance on the database has been slacking due to a high number of read
requests. Which of the following can be added to the architecture to alleviate the performance
issue?

A. Enable Multi-AZ to add a secondary read-only DB in another AZ.
B. Use ElastiCache in front of the database.
C. Use AWS CloudFront in front of the database.
D. Use DynamoDB to offload all the reads. Populate the common read items in a separate table.
B

An application is currently hosted on an EC2 Instance which has attached EBS Volumes. The
data on these volumes is frequently accessed. But after a duration of a week, the documents need
to be moved to infrequent access storage. Which of the following EBS volume type provides cost
efficiency for the moved documents?

A. EBS Provisioned IOPS SSD
B. EBS Throughput Optimized HDD
C. EBS General Purpose SSD
D. EBS Cold HDD

A customer wants to import their existing virtual machines to the cloud. Which service can they
use for this? Choose one answer from the options given below.

A. VM Import/Export
B. AWS Import/Export
C. AWS Storage Gateway
D. DB Migration Service

A company website is set to launch in the upcoming weeks. There is a probability that the traffic
will be quite high during the initial weeks. In the event of a load failure, how can you set up DNS
failover to a static website? Choose the correct answer from the options given below.

A. Duplicate the exact application architecture in another region and configure DNS
Weight-based routing.
B. Enable failover to an on-premises data center to the application hosted there.
C. Use Route 53 with the failover option to failover to a static S3 website bucket or CloudFront
distribution.
D. Add more servers in case the application fails.

C

A company is running three production web server reserved EC2 Instances with EBS-backed
root volumes. These instances have a consistent CPU load of 80%. Traffic is being distributed to
these instances by an Elastic Load Balancer. They also have production and development
Multi-AZ RDS MySQL databases. What recommendation would you make to reduce cost in this
environment without affecting availability of mission-critical systems? Choose the correct
answer from the options given below.

A. Consider using On-demand instances instead of Reserved EC2 instances.
B. Consider not using a Multi-AZ RDS deployment for the development database.
C. Consider using Spot instances instead of Reserved EC2 instances.
D. Consider removing the Elastic Load Balancer

An application consists of a couple of EC2 Instances. One EC2 Instance hosts a web application
and the other Instance hosts the database server. Which of the following changes can be made to
ensure high availability of the database layer?

A. Enable Read Replicas for the database.
B. Enable Multi-AZ for the database.
C. Have another EC2 Instance in the same Availability Zone with replication configured.
D. Have another EC2 Instance in another Availability Zone with replication configured.

You are designing an architecture on AWS with disaster recovery in mind. Currently the
architecture consists of an ELB and underlying EC2 Instances in a primary and secondary
region. How can you establish a switchover in case of failure in the primary region?

A. Use Route 53 Health Checks and then do a failover.
B. Use CloudWatch metrics to detect the failure and then do a failover.
C. Use scripts to scan CloudWatch logs to detect the failure and then do a failover.
D. Use CloudTrail to detect the failure and then do a failover.

A company has assigned two web server instances to an Elastic Load Balancer. However, the
instances and the ELB are not reachable via URL to the elastic load balancer serving the web app
data from the EC2 instances. How might you resolve the issue so that your instances are serving
the web app data to the public Internet? Choose the correct answer from the options given below.

A. Attach an Internet Gateway to the VPC and route it to the subnet.
B. Add an Elastic IP address to the instance.
C. Use Amazon Elastic Load Balancer to serve requests to your instances located in the internal
subnet.
D. None of the above

Your company currently has an infrastructure hosted On-premises. You have been requested to
devise an architecture on AWS for migrating some of the On-premises components. A current
concern is the data storage layer. Minimum administrative overheads are also required for the
underlying infrastructure in AWS. Which of the following would be included in your proposed
architecture? Choose 2 answers from the options given below.

A. Use DynamoDB to store data in tables.
B. Use EC2 to host the data on EBS Volumes.
C. Use the Simple Storage Service to store data.
D. Use AWS RDS to store the data.

AC

Currently, you're helping design and architect a highly available application. After building the
initial environment, you discover that a part of your application does not work correctly until
port 443 is added to the security group. After adding port 443 to the appropriate security group,
how much time will it take before the changes are applied and the application begins working
correctly? Choose the correct answer from the options below.

A. Generally, it takes 2-5 minutes in order for the rules to propagate.
B. Immediately after a reboot of the EC2 Instances belonging to that security group.
C. Changes apply instantly to the security group, and the application should be able to respond
to 443 requests.
D. It will take 60 seconds for the rules to apply to all Availability Zones within the region.

A company hosts data in S3. There is now a mandate that going forward, all data in the S3
bucket needs to be encrypted at rest. How can this be achieved?
A. Use AWS Access Keys to encrypt the data.
B. Use SSL Certificates to encrypt the data.
C. Enable Server-side encryption on the S3 bucket.
D. Enable MFA on the S3 bucket.

A company hosts data in S3. There is a requirement to control access to the S3 buckets. Which
are the 2 ways in which this can be achieved?

A. Use Bucket Policies.
B. Use the Secure Token Service.
C. Use IAM user policies.
D. Use AWS Access Keys.

AC

Your application provides data transformation services. Files containing data to be transformed
are first uploaded to Amazon S3 and then transformed by a fleet of Spot EC2 Instances. Files
submitted by your premium customers must be transformed with the highest priority. How would
you implement such a system?

A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances
will scan the table for tasks, sorting the results by priority level.
B. Use Route 53 latency-based routing to send high priority tasks to the closest transformation
instances.
C. Use two SQS queues, one for high priority messages, the other for default priority.
Transformation instances first poll the high priority queue; if there is no message, they poll the
default priority queue.
D. Use a single SQS queue. Each message contains the priority level. Transformation instances
poll high-priority messages first

A VPC has been setup with a subnet and an internet gateway. The EC2 instance is set up with a
public IP but you are still not able to connect to it via the Internet. The right security groups are
also in place. What should you do to connect to the EC2 Instance from the Internet?
A. Set an Elastic IP Address to the EC2 Instance.
B. Set a Secondary Private IP Address to the EC2 instance.
C. Ensure the right route entry is there in the Route table.
D. There must be some issue in the EC2 Instance. Check the system logs

A customer has a single 3-TB volume on-premises that is used to hold a large repository of
images and print layout files. This repository is growing at 500GB a year and must be presented
as a single logical volume. The customer is becoming increasingly constrained with their local
storage capacity and wants an offsite backup of this data, while maintaining low-latency access
to their frequently accessed data. Which AWS Storage Gateway configuration meets the
customer requirements?

A. Gateway-Cached Volumes with snapshots scheduled to Amazon S3
B. Gateway-Stored Volumes with snapshots scheduled to Amazon S3
C. Gateway-Virtual Tape Library with snapshots to Amazon S3
D. Gateway-Virtual Tape Library with snapshots to Amazon Glacier

A company is planning to use the AWS ECS service to work with containers. There is a need for
the least amount of administrative overhead while launching containers. How can this be
achieved?

A. Use the Fargate launch type in AWS ECS.
B. Use the EC2 launch type in AWS ECS.
C. Use the Auto Scaling launch type in AWS ECS.
D. Use the ELB launch type in AWS ECS.

You currently manage a set of web servers hosted on EC2 Servers with public IP addresses.
These IP addresses are mapped to domain names. There was an urgent maintenance activity that
had to be carried out on the servers and the servers had to be stopped and restarted. Now the web
application hosted on these EC2 Instances is not accessible via the domain names configured
earlier. Which of the following could be a reason for this?

A. The Route 53 hosted zone needs to be restarted.
B. The network interfaces need to be initialized again.
C. The public IP addresses need to be associated to the ENI again.
D. The public IP addresses have changed after the instance was stopped and started.

You are responsible for deploying a critical application to AWS. It is required to ensure that the
controls set for this application meet PCI compliance. Also, there is a need to monitor web
application logs to identify any malicious activity. Which of the following services can be used
to fulfill this requirement? Choose 2 answers from the options given below.

A. Amazon CloudWatch Logs
B. Amazon VPC Flow Logs
C. Amazon AWS Config
D. Amazon CloudTrail

AD

There is a requirement to host a database server. This server should not be able to connect to the
Internet except while downloading required database patches. Which of the following solutions
would best satisfy all the above requirements? Choose the correct answer from the options
below.

A. Set up the database in a private subnet with a security group which only allows outbound
traffic.
B. Set up the database in a public subnet with a security group which only allows inbound traffic.
C. Set up the database in a local data center and use a private gateway to connect the application
to the database.
D. Set up the database in a private subnet which connects to the Internet via a NAT Instance.

You have both production and development based instances running on your VPC. It is required
to ensure that people responsible for the development instances do not have access to work on
production instances for better security. Which of the following would be the best way to
accomplish this using policies? Choose the correct answer from the options given below.

A. Launch the test and production instances in separate VPCs and use VPC Peering.
B. Create an IAM Policy with a condition that allows access to only those instances which are
used for production or development.
C. Launch the test and production instances in different Availability Zones and use
Multi-Factor Authentication.
D. Define the tags on the test and production servers and add a condition to the IAM Policy
which allows access to specific tags
